My server is getting flooded by Avast Secure DNS. This was generating high I/O while writing lots of entries in daemon.log and syslog files. Thank to fail2ban, I was able to ban those IP and get the server back to normal.
I come here to ask for some details about this since I'm Linux learner. The server is running on Debian Wheezy.
Here is a sample of daemon.log file :
Jan 27 20:47:43 server named[xxxx]: client 37.110.213.97#51810: query (cache) '2.SecureDNS.AVASt.CoM/TXT/IN' denied
Jan 27 20:47:49 server named[xxxx]: client 154.0.26.150#38513: query (cache) '2.SECUredNs.Avast.cOM/TXT/IN' denied
Jan 27 20:47:50 server named[xxxx]: client 154.0.26.150#33704: query (cache) '2.sEcurEDns.avasT.COm/TXT/IN' denied
Jan 27 20:47:54 server named[xxxx]: client 154.0.26.150#50798: query (cache) '2.sEcUreDns.avasT.com/TXT/IN' denied
Jan 27 20:48:06 server named[xxxx]: client 201.79.137.74#54727: query (cache) '2.SeCuREDnS.AvAST.CoM/TXT/IN' denied
Jan 27 20:48:07 server named[xxxx]: client 201.79.137.74#54735: query (cache) '2.secuReDNs.avaSt.cOM/TXT/IN' denied
Jan 27 20:48:11 server named[xxxx]: client 201.79.100.41#54754: query (cache) '2.SeCUrEDNS.AVAsT.COM/TXT/IN' denied
Jan 27 20:48:12 server named[xxxx]: client 77.147.247.52#62948: query (cache) '2.SecUREdns.AvAsT.COM/TXT/IN' denied
- Is that what they call DDos attack ?
- Why this come from Avast Secure DNS ?
- What's the best solution to handle this ?
- When will this stop ?
- How can I know where this attack come from ?